On the Feasibility of Distinguishing Between Process Disturbances and Intrusions in Process Control Systems using Multivariate Statistical Process Control

Process Control Systems (PCSs) are the operat-ing core of Critical Infrastructures (CIs). As such, anomalydetection has been an active research field to ensure CInormal operation. Previous approaches have leveraged networklevel data for anomaly detection, or have disregarded theexistence of process disturbances, thus opening the possibility of mislabelling disturbances as attacks and vice versa. In thispaper we present an anomaly detection and diagnostic systembased on Multivariate Statistical Process Control (MSPC), thataims to distinguish between attacks and disturbances. For this end, we expand traditional MSPC to monitor process leveland controller level data. We evaluate our approach using the Tennessee-Eastman process. Results show that our approachcan be used to distinguish disturbances from intrusions to acertain extent and we conclude that the proposed approach canbe extended with other sources of data for improving results

Vulnerability and resilience of cyber-physical power systems: results from an empirical-based study

Power systems are undergoing a profound transformation towards cyber-physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from power as well as information and communication technologies (ICT) sectors. Weaknesses were identified e.g.,the lack of policy enforcement worsened by the unreadiness of involved actors. The complex dynamics of ICT makes it infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at a better ride through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected